Distributed storage is an interesting way of storing contents, notably, but not exclusively, in a P2P environment. It consists in storing redundant contents into different communication equipments of users, which agree to let at the disposal of other users a portion of their storage space. So, it offers a good resilience to failures because it minimizes the probability of irrecoverable content loss in case of a disk crash.
However, distributed storage must face several security issues. Indeed, unlike servers, whose softwares work in a highly secured environment, user softwares (and notably P2P one) run on communication equipment, such as home computers or laptops, and therefore may be easily tampered with or modified. Modified user softwares may deviate from normal behavior, and therefore may cause damage to other users, such as content losses, for instance. Effectively, a user may attempt to free ride his distributed storage environment by installing a modified client application that allows him to erase other users' content from his local storage disk, while falsely reporting that they are still present. In this situation the owner of a content finds out that this content has been erased when he tries to retrieve his content, and if no other copy of this content is available, then this content is irrecoverably lost.
Some distributed storage audit mechanisms have been proposed to allow content storage verification (or audit or else possession challenge).
Some of them consist in authorizing untrusted users (or peers) to audit themselves. This is notably the case of the mechanism described in the document of T.-W. J. Ngan et al., “Enforcing fair sharing of peer-to-peer resources”, in Proc. of IPTPS, 2003. These mechanisms employ randomization techniques to limit the effects of a small number of colluding nodes, however they are still vulnerable to bribery attacks, and notably those of large groups of colluding nodes.
Some other mechanisms rely on sophisticated cryptographic techniques to prove content possession. This is notably the case of the mechanism described in the document of G. Ateniese et al., “Provable Data Possesion at Untrusted Stores”, in Proc. of CCS, 2007. These mechanisms require more computing power than other mechanisms, and they generate some storage overhead. Moreover, these mechanisms are also vulnerable to colluding nodes.